I have a problem that looks a bit like the one in this topic:
https://www.eldos.com/forum/read.php?FID=7&TID=2614

A Windows service that I created needs to load a certificate from the certificate store. I used to open the user store for the user that runs the service and that worked.

Now there is a new request and that is to use the service certificate store. Through the management console I installed the certificate for the service and the service opens the store like this (WCS = WindowsCertificateStore):

Is there an explanation for why this works and it doesn't work to get the certificate from the atCurrentService store?

I prefer the atCurrentService method because now the code must also look up the current computer name and the name under which the service is installed (might change when I re-use this code in another project).

Thank you for checking. At first glance the issue has something to do with access rights to the store (yet indeed the fact that the service is able to access the certificates via the 'Services' store but not via the 'Current Service' one looks weird).

Could you please do another couple of checks for us:

1. Please check if you see any certificates in the ROOT store at all when accessing the store through the 'Current Service' view.

2. Please try to additionally provide a physical name of the store and check if this method works:

I'm also having a hard time validating the certificate with the TElX509CertificateValidator. The validator also needs the complete chain and the root of this chain in the Root store. But the validator has no access to the Services trusted root store. If I use Validator.InitializeWinStorages I get an exception because the service cannot open the atCurrentUser (default) store.

When I modify TElX509CertificateValidator so that WinStorageTrust and WinStorageCA can be created (they were read-only) with the correct settings (same as the certificate store in the previous posts), the validation works. Is there a better solution for this and if not: can you modify your source so that the TElX509CertificateValidator.WinStorage* are read AND write properties?
